> On Tue, 03 Jan 2006, Simon Matter wrote: >> could not build postfix with SASLv2 _and_ LDAP support if the installed >> openldap has been built for SASLv1. This has just resulted in segfaults. > > You are experienced what I call the "missing versioned symbols hell". We > have that fixed in Debian by force. If you're interested in the patches to > fully version SASLv2 (Debian dropped SASLv1), just drop me a note and I > will > send them to you. I *think* they were sent to CMU as well, but I am not > sure, I will revisit this if the Cyrus maintainer team in Debian takes > over > Cyrus SASL as well.
Thank you for the detailed explanation. In my case I don't want to touch anything SASL related. > > NOTE: I assume the old problem with SASL using global state that prevented > it from being used at the same time in client and server mode has been > fixed. Otherwise, it could be the cause as well, it depends on what has > the > chance to break the app first. > >> Without understanding what exactly the problem was, I fear the same >> could >> be the case with cyrus-imapd as well? > > It depends. Without symbol versioning, if you somehow manage to link both > saslv1 and saslv2 to the same library or application, it goes kaboom. > This > can happen if you link to libs linked to different versions of sasl, or if > glibc nsswitch modules link to sasl (guess what happens if you use LDAP > passwd maps?). > > So, if cyrus-imap is linked to saslv2 (HIGHLY recomended), and *anything* > else it uses is linked to saslv1 (e.g. openldap libs), and symbols are > unversioned... bad things _will_ happen. Note that the same crap happens > if > anything SASL links to (or dlopen()s, it is the same problem) manages to > link to other SASL lib (again old openldap libs...). Okay, so it _will_ break in my case and I'll design the rpm so it detects whether openldap is linked against SASLv1, and if it's true, it will build without ldap support. > >> BTW: I know that openldap built against SASLv1 is old, but I still want >> the rpm to be suitable for older platforms. If it's a problem I simply >> disable ldap pts support for those using openldap/SASLv1. > > You cannot fix this, I am afraid. The old libs won't be versioned, thus > they will still require that the *entire* system use either saslv1 or > saslv2 > for maximum stability. You need to have at least one of the clashing libs > with symbols versioned... AND you absolutely *must* have built everything > using that library against the library with versioned symbols. > > Oh, and the symbol version must be the same, too. In Debian, we are using > "SASL2". As you said I can't fix this and I don't want. I will just make sure that on systems with openldap/SASLv1, the cyrus-imapd packages are built without ldap support. Thanks for clearing this up, Simon ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
